MySQL OCP Question 17

2021-12-12 16:13 1410 0 Original mysql
Author: hbhe0316

A crucial database, 'db_prod', just disappeared from your production MySQL instance. In reviewing the available MySQL logs (General, Audit, or Slow) and your own application-level logs, you identified this command from a customer-facing application:
SELECT id FROM users WHERE login='payback!';DROP DATABASE db_prod;'
Which three methods could have been used to prevent this SQL injection attack from happening?
A. writing your client code to properly escape all user input
B. giving limited privileges to accounts used by application servers to interact with their backing databases
C. using SSL/TLS on your outward facing web servers (https://) to encrypt all user sessions
D. using a hashing or encryption method to secure all user passwords in your MySQL tables
E. removing any remaining anonymous accounts from your MySQL instance
F. validating all user input before sending it to the database server
G. changing all passwords for the MySQL account 'root'@'%' immediately after losing an employee who knew the current password
Answer: A, B, F

A and F stop the injection at the source: the value payback!';DROP DATABASE db_prod;' must never reach the server as part of the SQL text, whether because the client escapes it (in practice, by binding it as a prepared-statement parameter so the driver does the escaping) or because the application rejects it outright as an invalid login. B limits the damage when the first two fail: an application account that was never granted DROP on db_prod cannot drop the database even if the stacked statement reaches the server. C, D, E and G are sound practices but have no effect on this attack, since the statement arrives over a legitimate, possibly encrypted, session from the application's own account. One further point worth checking in the application: the stacked DROP can only execute if the client connection enabled multi-statement support (CLIENT_MULTI_STATEMENTS), which most MySQL client libraries leave off by default.
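The three chosen defenses side by side, as an added example that is not part of the original post or of the exam material. It uses Python's sqlite3 standard-library module instead of MySQL so that it runs offline: DROP TABLE stands in for DROP DATABASE (SQLite has no databases to drop), executescript() stands in for a MySQL connection opened with CLIENT_MULTI_STATEMENTS, and SQLite's authorizer hook stands in for a MySQL account that was never granted DROP. The users table, its rows and the login allow-list are constructed for the example.

```python
import re
import sqlite3

# Constructed sample schema standing in for the page's db_prod. SQLite has no
# DROP DATABASE, so the stacked statement drops the users table instead.
SEED_SQL = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT NOT NULL);
INSERT INTO users (id, login) VALUES (1, 'alice'), (2, 'bob');
"""

# The attacker-controlled login value. Concatenated into the query it produces
# the statement from the question's logs, with DROP TABLE in place of
# DROP DATABASE.
PAYLOAD = "payback!';DROP TABLE users;'"

# Constructed allow-list for logins: short, alphanumeric plus a few safe marks.
LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def fresh_db():
    """Return an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SEED_SQL)
    return conn


def users_table_exists(conn):
    """True while the users table is still present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='users'"
    ).fetchone()
    return row is not None


def lookup_vulnerable(conn, login):
    """The query as the application built it: user input spliced into SQL text.

    executescript() executes every statement in the string, playing the role of
    a MySQL connection opened with CLIENT_MULTI_STATEMENTS. Without
    multi-statement support the stacked DROP could not run at all.
    """
    sql = f"SELECT id FROM users WHERE login='{login}';"
    try:
        conn.executescript(sql)
    except sqlite3.Error:
        # The payload's trailing quote leaves a fragment that fails to parse,
        # but only after the SELECT and the DROP have already executed.
        pass


def lookup_parameterized(conn, login):
    """Option A done by the driver: the value is bound as a parameter, never
    spliced into the SQL text, so the quote and semicolon are plain data."""
    cur = conn.execute("SELECT id FROM users WHERE login=?", (login,))
    return [row[0] for row in cur.fetchall()]


def validate_login(login):
    """Option F: allow-list validation at the application boundary, before the
    value is sent anywhere near the database."""
    return LOGIN_RE.fullmatch(login) is not None


def deny_ddl(action, arg1, arg2, db_name, trigger_or_view):
    """Option B analogue: SQLite's authorizer hook stands in for a MySQL account
    granted only SELECT/INSERT/UPDATE/DELETE on db_prod. Schema changes are
    refused no matter how the statement was assembled."""
    if action in (
        sqlite3.SQLITE_DROP_TABLE,
        sqlite3.SQLITE_DROP_INDEX,
        sqlite3.SQLITE_CREATE_TABLE,
        sqlite3.SQLITE_ALTER_TABLE,
    ):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def least_privilege_db():
    """Seeded database whose connection can no longer run DDL."""
    conn = fresh_db()
    conn.set_authorizer(deny_ddl)
    return conn


def demo():
    """Run the payload through each configuration and report what survived."""
    results = {}

    conn = fresh_db()
    lookup_vulnerable(conn, PAYLOAD)
    results["vulnerable_table_survived"] = users_table_exists(conn)

    conn = fresh_db()
    results["parameterized_rows"] = lookup_parameterized(conn, PAYLOAD)
    results["parameterized_table_survived"] = users_table_exists(conn)

    results["payload_passes_validation"] = validate_login(PAYLOAD)

    conn = least_privilege_db()
    lookup_vulnerable(conn, PAYLOAD)
    results["least_privilege_table_survived"] = users_table_exists(conn)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the same payload dropping the table through the concatenated query, returning no rows through the parameterized query, failing validation, and being refused by the privilege check even though the query is still concatenated. On MySQL the counterpart of least_privilege_db() is an application account granted only SELECT, INSERT, UPDATE and DELETE on db_prod.* and nothing at the global level; the counterpart of lookup_parameterized() is a server-side prepared statement or the driver's parameter binding, which is how option A's escaping should be done in practice rather than by hand.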




Copyright notice: this is an original article by the author; reproduction without the author's permission is prohibited.

MYSQL
